Merge pull request #11792 from mheon/340_final

Backports + release notes for v3.4.0 final

RELEASE_NOTES.md

@@ -18,10 +18,12 @@
 - Volumes created by `podman volume create` now support setting quotas when run atop XFS. The `size` and `inode` options allow the maximum size and maximum number of inodes consumed by a volume to be limited.
 - The `podman info` command now outputs information on what log drivers, network drivers, and volume plugins are available for use ([#11265](https://github.com/containers/podman/issues/11265)).
 - The `podman info` command now outputs the current log driver in use, and the variant and codename of the distribution in use.
+- The parameters of the VM created by `podman machine init` (amount of disk space, memory, CPUs) can now be set in `containers.conf`.
+- The `podman machine ls` command now shows additional information (CPUs, memory, disk size) about VMs managed by `podman machine`.
+- The `podman ps` command now includes healthcheck status in container state for containers that have healthchecks ([#11527](https://github.com/containers/podman/issues/11527)).
 
 ### Changes
 - The `podman build` command has a new alias, `podman buildx`, to improve compatibility with Docker. We have already added support for many `docker buildx` flags to `podman build` and aim to continue to do so.
-- Podman commands run as root now ignore `XDG_RUNTIME_DIR` when determining where to place temporary files, which should resolve a number of issues including [#10745](https://github.com/containers/podman/issues/10745) and [#10806](https://github.com/containers/podman/issues/10806).
 - Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages.
 - The default log driver has been changed from `file` to `journald`. The `file` driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the `file`.
 - Podman no longer depends on `ip` for removing networks ([#11403](https://github.com/containers/podman/issues/11403)).
@@ -51,6 +53,7 @@
 - Fixed a bug where the `podman logs -f` command could hang when a container exited ([#11461](https://github.com/containers/podman/issues/11461)).
 - Fixed a bug where the `podman generate systemd` command could not be used on containers that specified a restart policy ([#11438](https://github.com/containers/podman/issues/11438)).
 - Fixed a bug where the remote Podman client's `podman build` command would fail to build containers if the UID and GID on the client were higher than 65536 ([#11474](https://github.com/containers/podman/issues/11474)).
+- Fixed a bug where the remote Podman client's `podman build` command would fail to build containers if the context directory was a symlink ([#11732](https://github.com/containers/podman/issues/11732)).
 - Fixed a bug where the `--network` flag to `podman play kube` was not properly parsed when a non-bridge network configuration was specified.
 - Fixed a bug where the `podman inspect` command could error when the container being inspected was removed as it was being inspected ([#11392](https://github.com/containers/podman/issues/11392)).
 - Fixed a bug where the `podman play kube` command ignored the default pod infra image specified in `containers.conf`.
@@ -68,6 +71,11 @@
 - Fixed a bug where the `--filter` option to `podman ps` did not properly handle filtering by healthcheck status ([#11687](https://github.com/containers/podman/issues/11687)).
 - Fixed a bug where the `podman run` and `podman start --attach` commands could race when retrieving the exit code of a container that had already been removed resulting in an error (e.g. by an external `podman rm -f`) ([#11633](https://github.com/containers/podman/issues/11633)).
 - Fixed a bug where the `podman generate kube` command would add default environment variables to generated YAML.
+- Fixed a bug where the `podman generate kube` command would add the default CMD from the image to generated YAML ([#11672](https://github.com/containers/podman/issues/11672)).
+- Fixed a bug where the `podman rm --storage` command could fail to remove containers under some circumstances ([#11207](https://github.com/containers/podman/issues/11207)).
+- Fixed a bug where the `podman machine ssh` command could fail when run on Linux ([#11731](https://github.com/containers/podman/issues/11731)).
+- Fixed a bug where the `podman stop` command would error when used on a container that was already stopped ([#11740](https://github.com/containers/podman/issues/11740)).
+- Fixed a bug where renaming a container in a pod using the `podman rename` command, then removing the pod using `podman pod rm`, could cause Podman to believe the new name of the container was permanently in use, despite the container being removed ([#11750](https://github.com/containers/podman/issues/11750)).
 
 ### API
 - The Libpod Pull endpoint for Images now has a new query parameter, `quiet`, which (when set to true) suppresses image pull progress reports ([#10612](https://github.com/containers/podman/issues/10612)).

cmd/podman/common/completion.go

@@ -193,21 +193,14 @@ func getImages(cmd *cobra.Command, toComplete string) ([]string, cobra.ShellComp
 			} else {
 				// suggested "registry.fedoraproject.org/f29/httpd:latest" as
 				// - "registry.fedoraproject.org/f29/httpd:latest"
-				// - "registry.fedoraproject.org/f29/httpd"
 				// - "f29/httpd:latest"
-				// - "f29/httpd"
 				// - "httpd:latest"
-				// - "httpd"
 				paths := strings.Split(repo, "/")
 				for i := range paths {
 					suggestionWithTag := strings.Join(paths[i:], "/")
 					if strings.HasPrefix(suggestionWithTag, toComplete) {
 						suggestions = append(suggestions, suggestionWithTag)
 					}
-					suggestionWithoutTag := strings.SplitN(strings.SplitN(suggestionWithTag, ":", 2)[0], "@", 2)[0]
-					if strings.HasPrefix(suggestionWithoutTag, toComplete) {
-						suggestions = append(suggestions, suggestionWithoutTag)
-					}
 				}
 			}
 		}

cmd/podman/containers/ps.go

@@ -375,6 +375,10 @@ func (l psReporter) State() string {
 
 // Status is a synonym for State()
 func (l psReporter) Status() string {
+	hc := l.ListContainer.Status
+	if hc != "" {
+		return l.State() + " (" + hc + ")"
+	}
 	return l.State()
 }
 

cmd/podman/generate/generate.go

@@ -11,7 +11,7 @@ var (
 	// Command: podman _generate_
 	generateCmd = &cobra.Command{
 		Use:   "generate",
-		Short: "Generate structured data based on containers, pods or volumes.",
+		Short: "Generate structured data based on containers, pods or volumes",
 		Long:  "Generate structured data (e.g., Kubernetes YAML or systemd units) based on containers, pods or volumes.",
 		RunE:  validate.SubCommandExists,
 	}

cmd/podman/images/prune.go

@@ -80,7 +80,7 @@ func prune(cmd *cobra.Command, args []string) error {
 func createPruneWarningMessage(pruneOpts entities.ImagePruneOptions) string {
 	question := "Are you sure you want to continue? [y/N] "
 	if pruneOpts.All {
-		return "WARNING! This will remove all images without at least one container associated to them.\n" + question
+		return "WARNING! This command removes all images without at least one container associated with them.\n" + question
 	}
-	return "WARNING! This will remove all dangling images.\n" + question
+	return "WARNING! This command removes all dangling images.\n" + question
 }

cmd/podman/machine/list.go

@@ -40,10 +40,13 @@ type listFlagType struct {
 }
 
 type machineReporter struct {
-	Name    string
-	Created string
-	LastUp  string
-	VMType  string
+	Name     string
+	Created  string
+	LastUp   string
+	VMType   string
+	CPUs     uint64
+	Memory   string
+	DiskSize string
 }
 
 func init() {
@@ -54,7 +57,7 @@ func init() {
 
 	flags := lsCmd.Flags()
 	formatFlagName := "format"
-	flags.StringVar(&listFlag.format, formatFlagName, "{{.Name}}\t{{.VMType}}\t{{.Created}}\t{{.LastUp}}\n", "Format volume output using Go template")
+	flags.StringVar(&listFlag.format, formatFlagName, "{{.Name}}\t{{.VMType}}\t{{.Created}}\t{{.LastUp}}\t{{.CPUs}}\t{{.Memory}}\t{{.DiskSize}}\n", "Format volume output using Go template")
 	_ = lsCmd.RegisterFlagCompletionFunc(formatFlagName, completion.AutocompleteNone)
 	flags.BoolVar(&listFlag.noHeading, "noheading", false, "Do not print headers")
 }
@@ -85,8 +88,11 @@ func list(cmd *cobra.Command, args []string) error {
 
 func outputTemplate(cmd *cobra.Command, responses []*machineReporter) error {
 	headers := report.Headers(machineReporter{}, map[string]string{
-		"LastUp": "LAST UP",
-		"VmType": "VM TYPE",
+		"LastUp":   "LAST UP",
+		"VmType":   "VM TYPE",
+		"CPUs":     "CPUS",
+		"Memory":   "MEMORY",
+		"DiskSize": "DISK SIZE",
 	})
 
 	row := report.NormalizeFormat(listFlag.format)
@@ -136,6 +142,9 @@ func toHumanFormat(vms []*machine.ListResponse) ([]*machineReporter, error) {
 		}
 		response.Created = units.HumanDuration(time.Since(vm.CreatedAt)) + " ago"
 		response.VMType = vm.VMType
+		response.CPUs = vm.CPUs
+		response.Memory = units.HumanSize(float64(vm.Memory) * units.MiB)
+		response.DiskSize = units.HumanSize(float64(vm.DiskSize) * units.GiB)
 
 		humanResponses = append(humanResponses, response)
 	}

cmd/podman/play/play.go

@@ -10,7 +10,7 @@ var (
 	// Command: podman _play_
 	playCmd = &cobra.Command{
 		Use:   "play",
-		Short: "Play containers, pods or volumes from a structured file.",
+		Short: "Play containers, pods or volumes from a structured file",
 		Long:  "Play structured data (e.g., Kubernetes YAML) based on containers, pods or volumes.",
 		RunE:  validate.SubCommandExists,
 	}

cmd/podman/registry/config.go

@@ -89,12 +89,7 @@ func newPodmanConfig() {
 // use for the containers.conf configuration file.
 func setXdgDirs() error {
 	if !rootless.IsRootless() {
-		// unset XDG_RUNTIME_DIR for root
-		// Sometimes XDG_RUNTIME_DIR is set to /run/user/0 sometimes it is unset,
-		// the inconsistency is causing issues for the dnsname plugin.
-		// It is already set to an empty string for conmon so lets do the same
-		// for podman. see #10806 and #10745
-		return os.Unsetenv("XDG_RUNTIME_DIR")
+		return nil
 	}
 
 	// Setup XDG_RUNTIME_DIR

cmd/podman/root.go

@@ -92,6 +92,11 @@ func Execute() {
 		if registry.GetExitCode() == 0 {
 			registry.SetExitCode(define.ExecErrorCodeGeneric)
 		}
+		if registry.IsRemote() {
+			if strings.Contains(err.Error(), "unable to connect to Podman") {
+				fmt.Fprintln(os.Stderr, "Cannot connect to Podman. Please verify your connection to the Linux system using `podman system connection list`, or try `podman machine init` and `podman machine start` to manage a new Linux VM")
+			}
+		}
 		fmt.Fprintln(os.Stderr, formatError(err))
 	}
 	os.Exit(registry.GetExitCode())

cmd/podman/system/prune.go

@@ -113,15 +113,15 @@ func prune(cmd *cobra.Command, args []string) error {
 
 func createPruneWarningMessage(pruneOpts entities.SystemPruneOptions) string {
 	if pruneOpts.All {
-		return `WARNING! This will remove:
+		return `WARNING! This command removes:
 	- all stopped containers
 	- all networks not used by at least one container%s
-	- all images without at least one container associated to them
+	- all images without at least one container associated with them
 	- all build cache
 
 %s`
 	}
-	return `WARNING! This will remove:
+	return `WARNING! This command removes:
 	- all stopped containers
 	- all networks not used by at least one container%s
 	- all dangling images

docs/source/markdown/podman-build.1.md

@@ -64,8 +64,10 @@ discarded when writing images in Docker formats.
 
 #### **--arch**=*arch*
 
-Set the ARCH of the image to the provided value instead of the architecture of
-the host.
+Set the architecture of the image to be built, and that of the base image to be
+pulled, if the build uses one, to the provided value instead of using the
+architecture of the build host. (Examples: arm, arm64, 386, amd64, ppc64le,
+s390x)
 
 #### **--authfile**=*path*
 
@@ -321,7 +323,8 @@ Pass through HTTP Proxy environment variables.
 
 #### **--iidfile**=*ImageIDfile*
 
-Write the image ID to the file.
+Write the built image's ID to the file.  When `--platform` is specified more
+than once, attempting to use this option will trigger an error.
 
 #### **--ignorefile**
 
@@ -389,6 +392,7 @@ Name of the manifest list to which the image will be added. Creates the manifest
 if it does not exist. This option is useful for building multi architecture images.
 
 #### **--memory**, **-m**=*LIMIT*
+
 Memory limit (format: `<number>[<unit>]`, where unit = b (bytes), k (kilobytes),
 m (megabytes), or g (gigabytes))
 
@@ -430,8 +434,9 @@ with a new set of cached layers.
 
 #### **--os**=*string*
 
-Set the OS to the provided value instead of the current operating system of the
-host.
+Set the OS of the image to be built, and that of the base image to be pulled,
+if the build uses one, instead of using the current operating system of the
+build host.
 
 #### **--pid**=*pid*
 
@@ -442,11 +447,28 @@ that the PID namespace in which `podman` itself is being run should be reused,
 or it can be the path to a PID namespace which is already in use by another
 process.
 
-#### **--platform**="Linux"
+#### **--platform**="OS/ARCH[/VARIANT][,...]"
+
+Set the OS/ARCH of the built image (and its base image, if your build uses one)
+to the provided value instead of using the current operating system and
+architecture of the host (for example `linux/arm`). If `--platform` is set,
+then the values of the `--arch`, `--os`, and `--variant` options will be
+overridden.
+
+The `--platform` flag can be specified more than once, or given a
+comma-separated list of values as its argument.  When more than one platform is
+specified, the `--manifest` option should be used instead of the `--tag`
+option.
+
+OS/ARCH pairs are those used by the Go Programming Language.  In several cases
+the ARCH value for a platform differs from one produced by other tools such as
+the `arch` command.  Valid OS and architecture name combinations are listed as
+values for $GOOS and $GOARCH at https://golang.org/doc/install/source#environment,
+and can also be found by running `go tool dist list`.
 
-This option has no effect on the build. Other container engines use this option
-to control the execution platform for the build (e.g., Windows, Linux) which is
-not required for Buildah as it supports only Linux.
+While `podman build` is happy to use base images and build images for any
+platform that exists, `RUN` instructions will not be able to succeed without
+the help of emulation provided by packages like `qemu-user-static`.
 
 #### **--pull**
 
@@ -486,7 +508,6 @@ commands specified by the **RUN** instruction.
 Note: You can also override the default runtime by setting the BUILDAH\_RUNTIME
 environment variable.  `export BUILDAH_RUNTIME=/usr/local/bin/runc`
 
-
 #### **--secret**=**id=id,src=path**
 
 Pass secret information to be used in the Containerfile for building images
@@ -497,7 +518,6 @@ To later use the secret, use the --mount flag in a `RUN` instruction within a `C
 
 `RUN --mount=type=secret,id=mysecret cat /run/secrets/mysecret`
 
-
 #### **--security-opt**=*option*
 
 Security Options
@@ -697,7 +717,9 @@ process.
 
 #### **--variant**=""
 
-Set the architecture variant of the image to be pulled.
+Set the architecture variant of the image to be built, and that of the base
+image to be pulled, if the build uses one, to the provided value instead of
+using the architecture variant of the build host.
 
 #### **--volume**, **-v**[=*[HOST-DIR:CONTAINER-DIR[:OPTIONS]]*]
 
@@ -858,14 +880,18 @@ $ podman build --layers --force-rm -t imageName .
 $ podman build --no-cache --rm=false -t imageName .
 ```
 
-### Building an multi-architecture image using a --manifest option (Requires emulation software)
+### Building a multi-architecture image using the --manifest option (requires emulation software)
 
 ```
 $ podman build --arch arm --manifest myimage /tmp/mysrc
 
 $ podman build --arch amd64 --manifest myimage /tmp/mysrc
 
 $ podman build --arch s390x --manifest myimage /tmp/mysrc
+
+$ podman build --platform linux/s390x,linux/ppc64le,linux/amd64 --manifest myimage /tmp/mysrc
+
+$ podman build --platform linux/arm64 --platform linux/amd64 --manifest myimage /tmp/mysrc
 ```
 
 ### Building an image using a URL, Git repo, or archive

libpod/boltdb_state.go

@@ -1756,6 +1756,23 @@ func (s *BoltState) SafeRewriteContainerConfig(ctr *Container, oldName, newName
 				if err := allCtrsBkt.Put([]byte(ctr.ID()), []byte(newName)); err != nil {
 					return errors.Wrapf(err, "error renaming container %s in all containers bucket in DB", ctr.ID())
 				}
+				if ctr.config.Pod != "" {
+					podsBkt, err := getPodBucket(tx)
+					if err != nil {
+						return err
+					}
+					podBkt := podsBkt.Bucket([]byte(ctr.config.Pod))
+					if podBkt == nil {
+						return errors.Wrapf(define.ErrInternal, "bucket for pod %s does not exist", ctr.config.Pod)
+					}
+					podCtrBkt := podBkt.Bucket(containersBkt)
+					if podCtrBkt == nil {
+						return errors.Wrapf(define.ErrInternal, "pod %s does not have a containers bucket", ctr.config.Pod)
+					}
+					if err := podCtrBkt.Put([]byte(ctr.ID()), []byte(newName)); err != nil {
+						return errors.Wrapf(err, "error renaming container %s in pod %s members bucket", ctr.ID(), ctr.config.Pod)
+					}
+				}
 			}
 		}
 

libpod/container_copy_linux.go

@@ -174,7 +174,7 @@ func (c *Container) copyToArchive(ctx context.Context, path string, writer io.Wr
 
 // getContainerUser returns the specs.User and ID mappings of the container.
 func getContainerUser(container *Container, mountPoint string) (specs.User, error) {
-	userspec := container.Config().User
+	userspec := container.config.User
 
 	uid, gid, _, err := chrootuser.GetUser(mountPoint, userspec)
 	u := specs.User{

libpod/container_internal.go

@@ -982,12 +982,11 @@ func (c *Container) checkDependenciesRunning() ([]string, error) {
 		}
 
 		// Check the status
-		conf := depCtr.Config()
 		state, err := depCtr.State()
 		if err != nil {
 			return nil, errors.Wrapf(err, "error retrieving state of dependency %s of container %s", dep, c.ID())
 		}
-		if state != define.ContainerStateRunning && !conf.IsInfra {
+		if state != define.ContainerStateRunning && !depCtr.config.IsInfra {
 			notRunning = append(notRunning, dep)
 		}
 		depCtrs[dep] = depCtr
@@ -1063,7 +1062,7 @@ func (c *Container) cniHosts() string {
 	var hosts string
 	if len(c.state.NetworkStatus) > 0 && len(c.state.NetworkStatus[0].IPs) > 0 {
 		ipAddress := strings.Split(c.state.NetworkStatus[0].IPs[0].Address.String(), "/")[0]
-		hosts += fmt.Sprintf("%s\t%s %s\n", ipAddress, c.Hostname(), c.Config().Name)
+		hosts += fmt.Sprintf("%s\t%s %s\n", ipAddress, c.Hostname(), c.config.Name)
 	}
 	return hosts
 }
@@ -2127,7 +2126,7 @@ func (c *Container) canWithPrevious() error {
 // JSON files for later export
 func (c *Container) prepareCheckpointExport() error {
 	// save live config
-	if _, err := metadata.WriteJSONFile(c.Config(), c.bundlePath(), metadata.ConfigDumpFile); err != nil {
+	if _, err := metadata.WriteJSONFile(c.config, c.bundlePath(), metadata.ConfigDumpFile); err != nil {
 		return err
 	}